What technology area does this patent fall under?

Primary CPC classification G06F21/552. Mapped technology areas include Physics.

When was this patent published?

Publication date Thu Jan 21 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Behavior Change Detection System for Services

US2016019387A1 · US · A1

Patent metadata
Field	Value
Publication number	US-2016019387-A1
Application number	US-201414519062-A
Country	US
Kind code	A1
Filing date	Oct 20, 2014
Priority date	Jul 16, 2014
Publication date	Jan 21, 2016
Grant date	—

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A behavior change detection system collects behavior from a service, such as an online service, and detects behavior changes, either permanent or transient, in the service. Machine learning hierarchical (agglomerative) clustering techniques are utilized to compute deviations between clustered data sets representing an “answer” that the service presents to a series of requests.

First claim

Opening claim text (preview).

What is claimed is: 1 . A computer-implemented method comprising: collecting data associated with an initial behavior phase of a service; collecting data associated with an exercised behavior phase of the service; and computing a deviation between the initial behavior phase and the exercised behavior phase. 2 . The method of claim 1 , wherein the service comprises an online service. 3 . The method of claim 1 , wherein collecting data associated with the initial behavior phase comprises using a domain metadescriptor in a specific context triggered by a matrix execution. 4 . The method of claim 1 , wherein collecting data associated with the exercised behavior phase comprises using a domain metadescriptor in a specific context triggered by a matrix execution. 5 . The method of claim 1 , wherein collecting data associated with the initial behavior phase comprises using a domain metadescriptor in a specific context triggered by a matrix execution; and wherein collecting data associated with the exercised behavior phase comprises using the domain metadescriptor in a specific context triggered by the matrix execution. 6 . The method of claim 5 , wherein the domain metadescriptor is a collection of objects described in an independent context. 7 . The method of claim 6 , wherein the domain metadescriptor includes an extractor that extracts specific objects from a page and a collection of features which define what a behavior means. 8 . The method of claim 5 , wherein the matrix execution describes an object context generator. 9 . The method of claim 5 , wherein collecting data associated with the initial behavior phase and collecting data associated with the exercised behavior phase are performed over different finite time periods having the same length. 10 . The method of claim 5 , wherein collecting data associated with the initial behavior phase defines a set of values and wherein collecting data associated with the exercised behavior phase defines another set of values and further comprising clustering both sets of values into respective clusters. 11 . The method of claim 10 , wherein said clustering both sets of values comprises using a machine learning hierarchical clustering algorithm. 12 . The method of claim 10 , wherein computing the deviation comprises computing asymmetrical difference between the respective clusters. 13 . The method of claim 10 , wherein computing the deviation comprises computing the union of the respective clusters minus the intersection of the respective clusters. 14 . A computing device comprising: one or more processors; one or more computer readable storage media storing computer readable instructions which, when executed, perform operations comprising: constructing a domain metadescriptor; constructing a matrix execution to place the domain metadescriptor in a specific context; collecting an initial behavior using the domain metadescriptor in a specific context triggered by the matrix execution; collecting an exercised behavior using the domain metadescriptor in the specific context triggered by the matrix execution; and computing a deviation between the initial behavior and the exercised behavior. 15 . The computing device of claim 14 , wherein collecting an initial behavior phase defines a set of values and wherein collecting the exercised behavior phase defines another set of values and further comprising clustering both sets of values into respective clusters. 16 . The computing device of claim 15 , wherein said clustering both sets of values comprises using a machine learning hierarchical clustering algorithm. 17 . The computing device of claim 15 , wherein computing the deviation comprises computing asymmetrical difference between the respective clusters. 18 . The computing device of claim 15 , wherein computing the deviation comprises computing the union of the respective clusters minus the intersection of the respective clusters. 19 . The computing device of claim 15 , wherein the initial behavior and the exercised behavior are associated with a service. 20 . The computing device of claim 15 , wherein the initial behavior and the exercised behavior are associated with an online service.

Assignees

Microsoft Corp

Inventors

Classifications

H04L63/1425
Traffic logging, e.g. anomaly detection · CPC title
G06F21/577
Assessing vulnerabilities and evaluating computer system security · CPC title
H04L63/1416
Event detection, e.g. attack signature detection · CPC title
G06F21/552Primary
involving long-term monitoring or reporting · CPC title
G06F2221/034
Test or assess a computer or a system · CPC title

Patent family

Related publications grouped by family.

View patent family 53758542

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2016019387A1 cover?: A behavior change detection system collects behavior from a service, such as an online service, and detects behavior changes, either permanent or transient, in the service. Machine learning hierarchical (agglomerative) clustering techniques are utilized to compute deviations between clustered data sets representing an “answer” that the service presents to a series of requests.
Who is the assignee on this patent?: Microsoft Corp
What technology area does this patent fall under?: Primary CPC classification G06F21/552. Mapped technology areas include Physics.
When was this patent published?: Publication date Thu Jan 21 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).